Detecting security problems – using static analysis to catch them early and less expensively

By Bill Graham

In my previous post I discussed the potential benefits in quality and costs that static analysis brings to software development. In addition to common coding errors, many of the bugs found by static analysis are potential security defects as well. Buffer overflow, OS command injection, unrestricted string format and integer overflows are among the top 25 most dangerous security coding defects (according to the Common Weakness Enumeration (CWS) from the MITRE organization). These types of defects are common in C and C++ and are dangerous to correct operation in general but also pose significant security threats – often because the right exploit can lead to arbitrary code execution on the target. Once an attacker can execute code on your device, they can gain complete control, which might include reflashing the firmware, installing malware or rewriting the command and control software.

Wind River Blog Network

The Wind River Blog Network is made up of a variety of voices: executives, technologists and industry enthusiasts. We hope to foster conversations and encourage the sharing of insights regarding the evolving landscape of intelligent, connected systems with our ecosystem of customers, partners and colleagues.